Stealth copy protection – where we are now

CPRM - one year on

This day a year ago, as I was throwing some clothes into the car trunk on my way to the desert, I saw the most welcome newspaper headline I'll ever see. Our coverage of the incorporation of CPRM (Content Protection for Recordable Media) into the ATA standard used by hard drives had been picked up by the San Jose Mercury which splashed it on the front page.

Since December 21, the story had generated enormous interest and outrage. And Boxing Day saw the start of a concerted attempt to kill the story by discrediting us. We'd done all a news outlet can do - stick to the facts that we know to be true, but for a few days it looked like that might not be enough. There was a real danger that the PR effort to neutralise the story would be successful simply by keeping the broadsheet print and TV media away.

But once the Merc began to make waves, the movers behind CPRM changed focus from attacking The Register to promising that CPRM would remain a way of protecting removable media. A compromise measure was sought.

CPRM on ATA was never easy to explain. Howls of innocence from the 4C members followed our initial story, suggesting that CPRM was only ever intended for removable storage, and heavens no, it would never find its way onto a hard drive. But as you can read to this day, an hour with CPRM's creator prior to us publishing the first story hadn't refuted this suggestion. CPRM on hard drives was in its infancy, for sure, but we came away with valuable advice on how to implement corporate backup strategies to workaround CPRM-protected hard drives.

But the CPRM gambit was an early indication that the entertainment industry was deadly serious about removing the free movement of digital media on what has been, for fifteen years, on open platform.

You don't need to know about command sequences to figure out what these guys want. In August a draft bill called the Security Systems Standards and Certification Act (SSSCA) was proposed by Senator Hollings (D). It proposed mandatory inclusion of copy-protection schemes for domestic and imported PCs, anything in fact, capable of recording digital media. (There was an opt-out for TiVO players). Hollings, who's received a number of donations from the entertainment industry, remained elusive

Although dismissed as a kite, it's been kept alive by the lack of opposition to a slew of hysterical "anti-terrorist" legislation that's followed since September 11.

The other significant share-denial move was the issue of a patent for a "Secure PC" to Microsoft. We reported on this internal Microsoft research project earlier in the year. Approval was granted in December.

It's highly speculative, describing general techniques of locking-down a PC without delving into implementation details. But it's a significant milestone, nonetheless. Microsoft, as you'd expected, has tried to show that it supports cool open formats while planning for their elimination .

Whatever happened to CPRM?
CPRM is alive and well: as we reported in October it's being built into anything that supports a SD card. Microsoft, Palm and the Symbian operating systems all support, or will support, CPRM.

That's where most people would agree it belongs.

The future of the PC however, looks bleaker. The righteous crusade against CPRM by the EFF may have made detecting and blocking CPRM a lot more difficult, some EFF members now privately acknowledge. In March, the T.13 committee blocked a proposal erroneously described as 'son of CPRM' but which was simply documented an interface where otherwise hidden commands may be detected.

The important context in all this, is that with much of each hard drive's command set undocumented, the DRM-lobby never needed to approach the standards body at all.

Hale Landis posted this bleak summaryof the industry landscape in March, and it remains a must-read. By stealth, by private litigation, or by public statutes, the entertainment lobby is determined to kill fair use. ®